Report - rj.shuolanwl01.top/guge/ChromeSetup.exe

Report Overview

Submitted URL
rj.shuolanwl01.top/guge/ChromeSetup.exe
IP
180.95.234.190
ASN
#4837 CHINA UNICOM China169 Backbone
Submitted
2023-06-01 05:16:29
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
5
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ocsp.trust-provider.cn	unknown	2015-04-09	2022-02-10	2023-05-31	336 B	1.5 kB	47.246.44.205
rj.shuolanwl01.top	unknown	2023-02-23	2023-03-14	2023-05-30	411 B	14 MB	123.234.2.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-01 05:16:09	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile
2023-06-01 05:16:10	high	Client IP	123.234.2.86	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
2023-06-01 05:16:10	medium	Client IP	123.234.2.86	ET INFO HTTP Request to a *.top domain
2023-06-01 05:16:10	high	123.234.2.86	Client IP	ET POLICY PE EXE or DLL Windows file download HTTP
2023-06-01 05:16:10	low	123.234.2.86	Client IP	ET HUNTING Possible EXE Download From Suspicious TLD

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
rj.shuolanwl01.top/guge/ChromeSetup.exe
IP
123.234.2.86
ASN
#4837 CHINA UNICOM China169 Backbone

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
14 MB (13778376 bytes)
Hash
247df534f84e33e5293ecf1e611a331c
e8bd471856aec066d35ddcf7b9fe2614325814e8
b1a6e7a01d0266f973e442be0b482bf53cbf3eff8d8e52748be137eb682a9f0b

Detections

Analyzer	Verdict	Alert
VirusTotal	4/71	VirusTotal -

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

ocsp.trust-provider.cn/

47.246.44.205

599 B

URL
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
599 B (599 bytes)
Hash
6b14d338fd674a5acca006ee57385186
65c25f03ef622cd927efba8797350a01ec6b25c1
fb7c3773130b2e2f027c7562c4db018e515fddc0c759967ea22adad5f4a34b5c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Thu, 01 Jun 2023 05:05:55 GMT
last-modified: Wed, 31 May 2023 20:07:07 GMT
expires: Wed, 07 Jun 2023 20:07:06 GMT
etag: "65c25f03ef622cd927efba8797350a01ec6b25c1"
cache-control: max-age=587482,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb6
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7d04eca13c722c56-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1685595955
via: cache15.l2de2[0,0,304-0,H], cache20.l2de2[1,0], cache3.se1[0,0,200-0,H], cache1.se1[2,0], cache2.se1[5,0]
age: 615
x-cache: HIT TCP_MEM_HIT dirn:2:388209753
x-swift-savetime: Thu, 01 Jun 2023 05:07:38 GMT
x-swift-cachetime: 1697
timing-allow-origin: *, *
eagleid: 2ff62c9616855965707058133e, 2ff62c9616855965707058133e

rj.shuolanwl01.top/guge/ChromeSetup.exe

123.234.2.86

200 OK

14 MB

URL User Request GET HTTP/1.1
rj.shuolanwl01.top/guge/ChromeSetup.exe
IP
123.234.2.86:80
ASN
#4837 CHINA UNICOM China169 Backbone

File type
PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size
14 MB (13778376 bytes)
Hash
247df534f84e33e5293ecf1e611a331c
e8bd471856aec066d35ddcf7b9fe2614325814e8
b1a6e7a01d0266f973e442be0b482bf53cbf3eff8d8e52748be137eb682a9f0b

Detections

Analyzer	Verdict	Alert
VirusTotal	4/71	VirusTotal -

NIDS	Severity	Alert
suricata	high	ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
suricata	medium	ET INFO HTTP Request to a *.top domain
suricata	high	ET POLICY PE EXE or DLL Windows file download HTTP
suricata	low	ET HUNTING Possible EXE Download From Suspicious TLD

HTTP Headers

GET /guge/ChromeSetup.exe HTTP/1.1
Host: rj.shuolanwl01.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Last-Modified: Sun, 16 Apr 2023 23:36:27 GMT
Etag: "0727a43bc70d91:0"
Content-Type: application/octet-stream
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Mon, 17 Apr 2023 15:52:12 GMT
Content-Length: 13778376
Accept-Ranges: bytes
X-NWS-LOG-UUID: 7769814998172250296
Connection: keep-alive
X-Cache-Lookup: Cache Hit

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (0)

HTTP Transactions (2)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers